WFSM000001: Permission check failed ... FilePermission when Security Manager enabled and Web App tries to forward to jsp in JBoss EAP 7

Solution Unverified - Updated -

Issue

  • We have the security manager enabled, and when we access a servlet that uses the RequestDispatcher to forward to a JSP, the forward fails without reporting an error. With io.undertow debug logging enabled, we can see:
2020-04-16 14:46:55,390 DEBUG [io.undertow.request] (default task-1) Invalid path forward.jsp: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/jboss/jboss-eap-7.2/standalone/tmp" "read")" in code source "(vfs:/content/JBEAP-19256.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.JBEAP-19256.war" from Service Module Loader")
  at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:307)
  at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:204)
  at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
  at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:372)
  at sun.nio.fs.UnixPath.checkRead(UnixPath.java:795)
  at sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:49)
  at sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:144)
  at java.nio.file.Files.readAttributes(Files.java:1737)
  at java.nio.file.Files.isSymbolicLink(Files.java:2153)
  at io.undertow.server.handlers.resource.PathResourceManager.getSymlinkBase(PathResourceManager.java:309)
  at io.undertow.server.handlers.resource.PathResourceManager.getResource(PathResourceManager.java:218)
  at org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource(ServletResourceManager.java:74)
  at io.undertow.server.handlers.resource.CachingResourceManager.getResource(CachingResourceManager.java:114)
  at io.undertow.server.handlers.resource.CachingResourceManager.getResource(CachingResourceManager.java:32)
  at io.undertow.servlet.handlers.ServletPathMatches.getServletHandlerByPath(ServletPathMatches.java:96)
  at io.undertow.servlet.spec.RequestDispatcherImpl.<init>(RequestDispatcherImpl.java:74)
  at io.undertow.servlet.spec.ServletContextImpl.getRequestDispatcher(ServletContextImpl.java:334)
  at com.redhat.examples.servlet.Servlet.doPost(Servlet.java:51)
  ...
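
When the security manager is enabled, a useful triage step is to pull the denied permission and the requesting deployment out of each WFSM000001 message and count the distinct denials. The parser below is an added example, not Red Hat's code; the function names are hypothetical, and only the first sample line comes from the log above (the others are constructed).

```python
import re
from collections import Counter

# Shape of the WFSM000001 message as it appears in the log above:
# permission "("<type>" "<name>" "<actions>")" in code source "(<url> <signers>)" of "<loader>")
DENIAL = re.compile(
    r'WFSM000001: Permission check failed \(permission '
    r'"\("(?P<type>[^"]+)"(?: "(?P<name>[^"]*)")?(?: "(?P<actions>[^"]*)")?\)" '
    r'in code source "\((?P<code_source>\S+) [^)]*\)" '
    r'of "(?P<loader>.*)"\)'
)
MODULE = re.compile(r'Module "([^"]+)"')

def parse_denial(line):
    """Return the denied permission and the requesting code as a dict, or None."""
    m = DENIAL.search(line)
    if m is None:
        return None
    d = m.groupdict()
    mod = MODULE.search(d.pop("loader"))
    d["module"] = mod.group(1) if mod else None
    return d

def summarize(lines):
    """Count distinct (module, type, name, actions) denials across a log."""
    counts = Counter()
    for line in lines:
        d = parse_denial(line)
        if d:
            counts[(d["module"], d["type"], d["name"], d["actions"])] += 1
    return counts

SUFFIX = (' in code source "(vfs:/content/JBEAP-19256.war/WEB-INF/classes <no signer certificates>)"'
          ' of "ModuleClassLoader for Module "deployment.JBEAP-19256.war" from Service Module Loader")')
SAMPLE = [
    # Message from the log above.
    'DEBUG [io.undertow.request] (default task-1) Invalid path forward.jsp: '
    'java.security.AccessControlException: WFSM000001: Permission check failed (permission '
    '"("java.io.FilePermission" "/home/jboss/jboss-eap-7.2/standalone/tmp" "read")"' + SUFFIX,
    # Constructed: a permission with a name but no actions.
    'WFSM000001: Permission check failed (permission '
    '"("java.lang.RuntimePermission" "getClassLoader")"' + SUFFIX,
    # Constructed: unrelated line that must be ignored.
    'INFO [org.jboss.as] (Controller Boot Thread) started',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, key)
```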

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 7.2
    • 7.3
